How to Setup an Axigen Mail Server with Antivirus and Anti-spam protection

This how-to illustrates a situation where you need to set up your own mail server
(be it your home mail server, or a small office one) with antivirus and anti-spam
protection. It actually shows that, if using an integrated service mail server, the
procedure is quite simple and shouldn't take more than half an hour.

In this how-to we'll see how this works when using the following solutions,
running on a Fedora Core 4 platform:

The first part of the how-to shows how to install and do the initial set up the mail
server.

As the MTA also comes with built-in connectors for ClamAV Antivirus and SpamAssassin
Anti-spam, the second part shows you how to install these applications and configure
the connectors.

At the end of this process, you will be able to securely send and receive emails
through your own mail sever using SMTP, IMAP and POP3, scan them for viruses and filter
spam messages. Users will be able to access their mailboxes and retrieve email through
POP, IMAP and Webmail.

Mail Server Installation and Initial configuration Process

Let's first go through the mail server Installation and Initial configuration
process. These steps walk you through the installation, primary domain setup and
explain how to access the Web configuration interface (Webadmin).

Download / unpack corresponding package

Get the AXIGEN rpm package from the download website. Save the corresponding package
for Fedora Core 4, axigen.i386.rpm.gcc4.tar.gz, on your local machine and unpack the
file, by issuing in the same directory as the download file:

tar xzvf axigen.i386.rpm.gcc4.tar.gz

Install command
Then, in order to install the RPM package, issue (while logged in as root) the
following command, from the same directory as the rpm file:

rpm -ivh axigen-1.2.2.gcc4-1.i386.rpm

This will create the entire directory structure needed for the mail server to run.
After the installation, no daemons or related application will be started.

Configuration options

AXIGEN provides several configuration options (configuration file, Command Line
Interface), but the most intuitive and comprehensive is Webadmin, the Web configuration
interface.

Set the admin password for the Web configuration interface

The mail server comes with a Web configuration interface, the easiest administration
tool.
All you need to do in order to access Webadmin is set the admin password (admin user
works by default). To do that, run the mail server with

-A (or
--admin-passwd)

option:

/opt/axigen/bin/axigen -A <your_password>

Start the mail server

You can do this using the initscript, by issuing this command:

/etc/init.d/axigen start

At first server start, the mail server creates automatically a domain database
location, an entity the server uses to store domains. Thus, you?ll be able to directly
add your first domain and set your primary domain when first logging on to Webadmin, as
it will be stored in this domain database location, created by default.

Initial Configuration

While the server is started, start your favorite browser and enter the default
Webadmin address: http://127.0.0.1:9000/.
Login using the "admin" username and the password you have previously set.

Then, go to the Server tab and enter the name of the domain you have just
created in the Primary domain field.

Also, make sure that in the Running services area, all the services you would
like to use are checked. To be able to access email accounts via Webmail, the Webmail
check box needs to be selected.

To make your changes effective, click the Commit button in the upper left
corner and than go to the Commands tab and click the Save config button,
as instructed by the message displayed at the top of the screen. By doing this, the
server will run with the current configuration, with no need to restart the
server.

Setting up Antivirus and Antispam Connectors

Now that your server is running and your primary domain is configured, you can
connect the antivirus and anti-spam applications.

The setup process below describes how to make ClamAV Antivirus and SpamAssasin
Anti-spam application work with the mail server.

Connecting ClamAV

First, here is how to connect ClamAV, the antivirus application.

Download ClamAV (daemon), on the same machine on which the mail server is installed.
Follow these steps in order to configure ClamAv for use with the MTA and start the
clamd daemon.

Configure AXIGEN anti-virus filter at server level using WebAdmin

In the Server tab, go to Filters page and then to Socket
Filters page. Click on the Add new filter button.

Fill out the fields in the window displayed.

The Name field represents the name of the filter. The Address field
depends on how clamd is configured. You can use either a TCP or a local socket, and you
must enter the address accordingly:

for a local socket: local://path_to_local_socket

for a TCP socket: inet://ip.ad.dr.ess:port

The Protocol file field must contain the system full path to the ClamAV AFSL
(AXIGEN Filters Scripting Language) file, by default:
/var/opt/axigen/filters/clam-av.afsl.

The Idle timeout field represents the inactivity timeout on connection.

The Action on match field defines the action to be taken in case the filter
matches an email (this can have a value of pass, discard or reject).
Note: For antivirus and Anti-spam filters, the reject action should not be used, and is
known to be a bad practice, as it will cause a significant traffic growth.

The Max. connections field will set the maximum number of connections to the
specified filter.

At the end, press the Add button, then the Commit button and, as
specified, once again on the Commit button. Go to Commands tab and click
Save config to save the new configuration.

Enable this filter for all incoming and outgoing mails:

In the Server tab, go to Filters page and then to Active
Filters page. Click on the Add new filter button.

Fill out the fields in the new window displayed.

In the Priority field, enter a priority between 0 and 500 (a filter with
priority 0 will be applied first and the one with 500, last). Please note that the
domain-level filters have the priority limited to range 100-400 and the user-level
filters are limited to the 200-300 range. A value of "10" should be fine, leaving you
space to apply some other future filter before this one.

After setting the filter priority, select the socket value from in the Filter
type dropdown list and the clamav value from the FilterName list.

In the Apply on relay dropdown list, select the yes option, to apply the
filter on outgoing mails. To make sure you scan both incoming and outgoing mails, you
have to create two entries for the same filter, one with this option set to no and
another one with the option set to yes.

In AXIGEN, it is also possible to enable filters at domain and user level, in the
corresponding Webadmin tabs. The filters activated at server level, will be
automatically applied for all domains and accounts. However, you have the possibility
to add additional filters at domain or account level.

Connecting SpamAssassin

The process for Connecting SpamAssassin, is similar, but even less time-consuming as no
configurations are necessary after the product installation.

InstallationInstall SpamAssassin using the yum application:

yum install spamassassin

No further configurations are necessary.

Configure SpamAssassin at server level, using Webadmin. The connector for
SpamAssassin is a socket filter for AXIGEN, so the configuration procedure is the
same.
The difference would be that for SpamAssassin, a TCP socket is more likely to be
used.
The data for SpamAssassin to use in this procedure is:

Also, when activating the SpamAssassin filter, you need to keep in mind the
following:

Enter a different priority value for the SpamAssasin filter (if you have
chosen 10 for ClamAV, choose a higher value for SpamAssassin in order to apply this
filter after ClamAV in the filtering chain)

Select the corresponding filter name, spamassassin in the Filter name
list

Access AXIGEN Webmail

At this step of the way, your mail server is ready to go, and you can also you can
access the AXIGEN Webmail to send and receive test messages.

First create a user account using the Webadmin, Accounts tab (the minimal
configurations displayed in the General page of the account will do for now). Then, use
the full email address and password to log on to AXIGEN Webmail, at the default
address: http://127.0.0.1:8000.

Now you're really done: you can securely send and receive messages from your home
domain and easily make any further configurations, to accommodate your specific network
requirements.

As you have seen, installing all mail services from one single executable, and an
intuitive Web configuration interface make things a lot easier and a lot less
time-consuming.